posts - 83 , comments - 119 , trackbacks - 2

My Links

News


MJ Ferdous

Ferdous has industry level experience on Microsoft Platform and has done several presentations and workshops on SharePoint. Prior to joining Microsoft, He worked as SharePoint Architect at BrainStation-23, OT Consulting, Rockwell Automation etc. Ferdous also worked as SharePoint Consultant and SharePoint Trainer for many organizations such as BASIS, Robi Axiata, etc.

He was the key organizer & speaker of “SharePoint Developer’s Conference 2013” & "SharePoint Community Day 2012" jointly with Microsoft. He is the author of several technical articles at code project, MS SharePoint Tips, Dev Media etc. He is also founder of SharePoint Experts Bangladesh user-group.

invisible hit counter View My Stats

Tag Cloud

Archives

Blogs [MVP]

My Articles

My Others Link

Public Speaking

Authentication Error with SharePoint Application which uses Host Header on the Server firm

This is known issue with SharePoint 2007 or SharePoint 2010 on Windows Server 2008 platform and not specific to any sharepoint application.

Problem: Your windows credential doesn’t work if you try to log in to the web application (http://contosto.company.com) on the server itself although you can access the same site from outside, when you create a SharePoint web application with a host header (contosto.company.com) on SharePoint Server (Server Name: contosto) which is installed on Windows Server 2008. This problem is happening with the recent patches.

image

If you check the event viewer logs on “Security” category, you will see something like the one below under Audit Failure Keyword

image

The main reason for this issue is Windows includes a loopback check security feature that helps prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name as the system blocks the authentication procedure while resolving the host header given to the web application.

To resolve this issue, a modification must be done to the server's registry to specify the host name. To specify the host names that are mapped to the loopback address and that can connect to Web sites on your computer, follow these steps:

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  3. Right-click MSV1_0, point to New, and then click Multi-String Value.
  4. Type BackConnectionHostNames, and then press ENTER.
  5. Right-click BackConnectionHostNames, and then click Modify.
  6. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
  7. Exit Registry Editor, and then restart the computer.

image

The name placeholder is considered a host header. It is an alternative name for the computer on which Reporting Services is installed. You must add the NetBIOS and the Fully Qualified Domain Name (FQDN) for name to the BackConnectionHostNames list that is stored in the Windows registry.
For example, if name is a Windows computer name, such as contoso, the name can likely also be referenced in FQDN form as contoso.domain.com. You must add both representations to the list in BackConnectionHostNames.

So, The above registry modification must be done for all other SharePoint applications which are using Host Header.

Reference:

 You receive an error message when you use SQL Server 2008 Reporting Services: "HTTP 401.1 - Unauthorized: Logon Failed"

Print | posted on Thursday, January 6, 2011 1:13 AM |

Feedback

Gravatar

# re: Authentication Error with SharePoint Application which uses Host Header on the Server firm

AWESOME! Thank you!
Works with site01.localhost, site02.localhost, etc!
10/31/2013 3:18 AM | Stephen Soran
Gravatar

# re: Authentication Error with SharePoint Application which uses Host Header on the Server firm

Thanks it's working fine,nice job
4/5/2014 1:28 PM | vignesh
Post A Comment
Title:
Name:
Email:
Comment:
Verification:
 

Powered by: